Tuesday, July 19, 2011

The RSA FraudAction Research Lab recently discovered a novel Trojan feature annexed to SpyEye Trojan variants (v1.03.45) and to Zeus Trojan variants (v2.0.8.9), made to maliciously target the Bitcoin e-currency system. The Trojans are now being used by their operators in a practice designed to leverage the extended botnet in order to mine Bitcoins.

This innovation is not to be confused with the hacking or stealing of the Bitcoin wallet; (which is likely also stolen by the Trojan), but rather a way to have the zombie computers on the botnet be part of a joint resource used for mining – and thus earning – Bitcoins.

This blog elaborates on what Bitcoins are, on the technical aspect of this new Trojan module as well on some of the possible implications this may have in the near future.

--------------------------------------------------------------------

Recently, Symantec released a write-up on the possibility of mining Bitcoins (BTC) using botnets.

"One of the selling points of the Bitcoin currency is that anyone with a computer can begin to earn Bitcoin blocks by using his or her computer’s computational power, along with open source Bitcoin software, to solve a difficult cryptographic proof-of-work problem. This is referred to as Bitcoin mining and, if successful in solving a block, it will lead to a reward of up to 50 Bitcoins per block...Taking this information into account, Bitcoin botnet mining as an attractive and profitable venture for cybercriminals is very questionable. However, with recent spikes in the valuation of Bitcoins reaching as high as $26, it may become more appealing in the future to cybercriminals as another source of illegal earnings from their botnets. Based, as the stability and value of Bit increase, as does the attractiveness of bitcoin botnet mining."

Looks like the developers of ZeuS and SpyEye are looking to get ahead of the curve.